Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Tips to Prevent Business Email Compromise (BEC)

December 16, 2020

BEC has been around for years, and cyber criminals have upped their game during the pandemic. The attacks are more frequent and some are rather clever. Last year, BEC resulted in more than $1.7 billion in losses worldwide according to the Internet Crime Complaint Center (IC3). CSO reported that the FBI Cyber Division recently warned about BEC and urged organizations to review their email forwarding rules and follow these 14 recommendations to help combat it.

  1. Ensure desktop and web email clients run the same version
  2. Be wary of last-minute email account address changes
  3. Check email addresses for slight changes
  4. Enable multi-factor authentication for all email accounts
  5. Prohibit automatic forwarding of email to external addresses
  6. Monitor the Email Exchange server for changes
  7. Flag differences in "reply" and "from" email addresses
  8. Add a banner to messages coming from outside your organization
  9. Review use of legacy email protocols
  10. Log and retain changes to mailbox login and settings for at least 90 days
  11. Enable security features that block malicious email
  12. Encourage employees to challenge suspicious payment requests
  13. Set up alerts for suspicious behavior in email
  14. Report fraud to authorities

The majority of these tips don't cost any money. You may need some technical help for some of them, such as adding a banner for external email messages or setting up multi-factor authentication (MFA). The CSO post has more detail for each of the FBI's recommendations.
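As an added illustration (not from the CSO post or the FBI notice), here is one way a mail administrator could script tips 3, 7 and 8: flag a "reply" address whose domain differs from the "from" address, a sender domain that is a near-miss of your own, and any external sender that should get a banner. The domain names, sample messages and the edit-distance threshold of 2 are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "firm.example"  # assumption: your organization's mail domain

SAMPLES = {  # constructed messages, not real mail
    "internal": "From: Pat <pat@firm.example>\nSubject: Lunch\n\nNoon?\n",
    "reply_to": 'From: "CFO" <cfo@firm.example>\nReply-To: cfo@payments.test\nSubject: Wire\n\nUrgent.\n',
    "lookalike": "From: Pat <pat@f1rm.example>\nSubject: New bank details\n\nSee attached.\n",
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message, org_domain=ORG_DOMAIN):
    """Return a sorted list of warning labels for one raw email message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    flags = []
    if reply_dom and reply_dom != from_dom:           # tip 7
        flags.append("reply-to-mismatch")
    for dom in {from_dom, reply_dom} - {"", org_domain}:
        if edit_distance(dom, org_domain) <= 2:       # tip 3: slight changes
            flags.append("lookalike-domain:" + dom)
    if from_dom != org_domain:                        # tip 8: banner candidate
        flags.append("external-sender")
    return sorted(flags)

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, bec_flags(raw))
```

A check like this only reads message headers; it does not replace the forwarding-rule review, MFA and logging items in the list above.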

Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com